pinkpanther56
Technical User
I know this isn't strictly an enterprise issue but i figured this is the forum for questions on mass management and as the XP forum couldn't help i've turned to you.
We are a high school with approx 100 teaching staff, at present about 50 of them have laptops that were provided by the government last year. At the time our department was unable to support these so they we’re handed out as stand alone machines and the owners given administrator access (they do not connect to our network).
This year another 50 laptops will be awarded and they will be handed out, this time however the pressure is on to allow them to connect to the school network so staff can use the internet and collect work from their shared drives.
I would like some advice on how to proceed with a couple of problems I can see emerging.
Staff that already have administrator access to their laptops are reluctant to lose it, they are sent training programs and materials that require installing occasionally and this requires this level of access. I am thinking about insisting that they bring in their laptops so we can install XP SP2 and update their anti virus software, then using WSUS to keep them up to date in future. I am still a bit wary about security issues here so any advice is appreciated.
Next prob:
At present each user has a network account with a roaming profile and a standard desktop that is the same for all staff, how can I prevent this desktop being applied when they log onto the network from their laptop to access their work folders? I was hoping that their network user credentials could be cached on the XP laptop so they can logon using their network user account even when not connected to the network, can this be achieved without any policies been applied to the user on the laptop (policy loopback maybe?)
Alternatively would it be better for them to logon locally to the laptop then give them a shortcut that they can click when plugged into the network that requires they enter their username and password to connect to their work area?
I would like to insist that they all have standard user accounts and admin rights are restricted to our department but this is unlikely to happen, how do people in the forums manage their mobile users and their laptops?
We use Windows 2003 servers with Active Directory and all Laptops are Windows XP.
Thanks for all suggestions.
We are a high school with approx 100 teaching staff, at present about 50 of them have laptops that were provided by the government last year. At the time our department was unable to support these so they we’re handed out as stand alone machines and the owners given administrator access (they do not connect to our network).
This year another 50 laptops will be awarded and they will be handed out, this time however the pressure is on to allow them to connect to the school network so staff can use the internet and collect work from their shared drives.
I would like some advice on how to proceed with a couple of problems I can see emerging.
Staff that already have administrator access to their laptops are reluctant to lose it, they are sent training programs and materials that require installing occasionally and this requires this level of access. I am thinking about insisting that they bring in their laptops so we can install XP SP2 and update their anti virus software, then using WSUS to keep them up to date in future. I am still a bit wary about security issues here so any advice is appreciated.
Next prob:
At present each user has a network account with a roaming profile and a standard desktop that is the same for all staff, how can I prevent this desktop being applied when they log onto the network from their laptop to access their work folders? I was hoping that their network user credentials could be cached on the XP laptop so they can logon using their network user account even when not connected to the network, can this be achieved without any policies been applied to the user on the laptop (policy loopback maybe?)
Alternatively would it be better for them to logon locally to the laptop then give them a shortcut that they can click when plugged into the network that requires they enter their username and password to connect to their work area?
I would like to insist that they all have standard user accounts and admin rights are restricted to our department but this is unlikely to happen, how do people in the forums manage their mobile users and their laptops?
We use Windows 2003 servers with Active Directory and all Laptops are Windows XP.
Thanks for all suggestions.